Tightening up login_hint and id_token requirements to cater for two scenarios.

Merged pull request

Merged in RaidiamRalph/fapi-2/RaidiamRalph/tightening-up-login_hint-and-id_token-re-1520868370390 (pull request #52)

1839494·Author: ·Closed by: ·2018-03-28

Description

Tightening up login_hint and id_token requirements to cater for two scenarios.

  1. Initial engagement where a Subject needs to identify itself to a TPP with a bank-provided identifier. This identifier should be non-static and non-deterministic to minimize the ability of bad actors to spam or trigger invalid requests.

  2. Subsequent client engagements can then use an id_token_hint to identify the subject. This allows TPPs to be responsible for initial subject identification, i.e. linking a Bank Identifier to a "club card" etc.
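
One way a bank could mint and redeem the non-static, non-deterministic identifier from scenario 1, as an added example that is not part of this pull request or of the specification text. The class name `LoginHintIssuer`, the 300-second lifetime and the single-use rule are assumptions made for illustration.

```python
import secrets
import time


class LoginHintIssuer:
    """Bank-side store of opaque subject identifiers (hypothetical helper)."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumed lifetime, not taken from the spec
        self._clock = clock          # injectable so expiry can be tested
        self._hints = {}             # hint -> (subject_id, expires_at)

    def issue(self, subject_id):
        """Return a fresh hint the Subject can hand to a TPP."""
        self._purge_expired()
        # 128 bits from the OS CSPRNG. Nothing is derived from the subject,
        # so two hints for the same customer are unrelated (non-deterministic)
        # and a hint cannot be computed from an account number.
        hint = secrets.token_urlsafe(16)
        self._hints[hint] = (subject_id, self._clock() + self._ttl)
        return hint

    def resolve(self, login_hint):
        """Map a login_hint presented by a TPP to a subject, or None."""
        # pop() makes the hint single-use (non-static): a replayed or
        # guessed value finds nothing and triggers no request to a customer.
        entry = self._hints.pop(login_hint, None)
        if entry is None:
            return None
        subject_id, expires_at = entry
        if self._clock() >= expires_at:
            return None
        return subject_id

    def _purge_expired(self):
        now = self._clock()
        expired = [h for h, (_, exp) in self._hints.items() if exp <= now]
        for hint in expired:
            del self._hints[hint]


if __name__ == "__main__":
    issuer = LoginHintIssuer()
    hint = issuer.issue("customer-001")   # constructed sample subject
    print("first use :", issuer.resolve(hint))
    print("replay    :", issuer.resolve(hint))
```

After the first successful resolution the bank would return an ID token, which the TPP presents as `id_token_hint` in later engagements (scenario 2).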
